CN110059485A - Private API detection method, terminal and storage medium for iOS applications - Google Patents
- Publication number
- CN110059485A
- Authority
- CN
- China
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/56—Computer malware detection or handling, e.g. anti-virus arrangements
- G06F21/562—Static detection
- G06F21/563—Static detection by source code analysis
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/03—Indexing scheme relating to G06F21/50, monitoring users, programs or devices to maintain the integrity of platforms
- G06F2221/033—Test or assess software
Abstract
The present invention applies to the field of iOS research-and-development management and testing, and discloses a private API detection method, terminal and storage medium for iOS applications. The method includes: executing the String command on the application code and taking the result as a first API string set; looking up each API string of the first API string set in a preset private API library, and taking the API strings present in both the preset private API library and the first API string set as a second API string set; and, using the performSelector:@selector(privateApiName) call method and the second API string set, executing a lookup operation on the application code in the running state, so as to obtain the dynamically called private APIs from the result. Dynamically called private APIs are thereby detected, realizing identification testing of private API interfaces.
Description
Technical field
The present invention relates to the field of iOS applications, and in particular to a private API detection method for iOS applications, a terminal, and a computer-readable storage medium.
Background
Private APIs are certain undocumented methods in development for iOS (Apple's mobile device operating system). Before an iOS application is listed in the iOS app store, a request must be filed with the operating company; if the operating company's review finds that private APIs are used, the application cannot be listed. A self-check is therefore needed before the application package is submitted to the operating company for review. At present, private APIs are mainly checked by running the class-dump command on the iOS application package and intersecting the resulting string set with a preset private API library, but this method cannot find dynamically called private APIs.
Summary of the invention
The main purpose of the present invention is to provide a private API detection method for iOS applications, a terminal and a computer-readable storage medium, intended to solve the problem that dynamically called private APIs currently cannot be found in self-checks.
To achieve the above object, the present invention provides a private API detection method for iOS applications, the method including the steps of:
executing the String command on the application code, and taking the result obtained by executing the String command as a first application programming interface (API) string set;
looking up each API string in the first API string set in a preset private API library, and taking all API strings present in both the preset private API library and the first API string set as a second API string set;
using the performSelector:@selector(privateApiName) call method and the second API string set, executing a dynamic lookup operation on the application code in the running state, so as to obtain the dynamically called private APIs according to the lookup result.
Optionally, the step of executing a dynamic lookup operation on the application code in the running state, using the performSelector:@selector(privateApiName) call method and the second API string set, includes:
splicing each API string in the second API string set with the performSelector:@selector(privateApiName) call method, and executing the dynamic lookup operation on the application code in the running state according to all the spliced strings obtained.
Optionally, the step of splicing each API string in the second API string set with the performSelector:@selector(privateApiName) call method, and executing the dynamic lookup operation on the application code in the running state according to all the spliced strings obtained, includes:
selecting the API strings in the second API string set one after another in a preset order;
each time an API string is selected, splicing the selected API string with the performSelector:@selector(privateApiName) call method to form a spliced string;
executing a dynamic lookup operation on the application code in the running state according to the spliced string, and judging whether the lookup result returned by this dynamic lookup operation is empty;
when the lookup result returned by the dynamic lookup operation is not empty, outputting the lookup result and continuing to select the next API string from the second API string set, until all API strings in the second API string set have been selected;
when the lookup result returned by the dynamic lookup operation is empty, continuing to select the next API string from the second API string set, until all API strings in the second API string set have been selected.
Optionally, after the step of obtaining the dynamically called private APIs according to the lookup result, the method further includes:
performing an encryption operation on each API string in the second API string set to obtain encrypted strings, and splicing each encrypted string with the performSelector:@selector(privateApiName) call method to obtain spliced encrypted strings;
executing a secondary dynamic lookup operation on the application code in the running state according to all the spliced encrypted strings, and obtaining the encrypted dynamically called private APIs according to the result of the secondary dynamic lookup.
Optionally, the method further includes the steps of:
executing the Class-dump command on the application package, and taking the result obtained by executing the Class-dump command as a third API string set;
obtaining the API strings present in both the second API string set and the third API string set, and determining those API strings to be private APIs.
Optionally, after all of the above steps, the method further includes:
modifying all the private APIs, and generating an application package from the application code in which the private APIs have been modified;
sending the application package to the iOS application review system.
Optionally, the method further includes the step of:
updating the preset private API library at preset time intervals.
To achieve the above object, the present invention also provides a terminal applied to the iOS system, the terminal including:
an execution module, for executing the String command on the application code and taking the result obtained by executing the String command as a first application programming interface (API) string set;
a lookup module, for looking up each API string in the first API string set in a preset private API library, and taking all API strings present in both the preset private API library and the first API string set as a second API string set;
a dynamic lookup module, for executing a dynamic lookup operation on the application code in the running state, using the performSelector:@selector(privateApiName) call method and the second API string set, so as to obtain the dynamically called private APIs according to the lookup result.
To achieve the above object, the present invention also provides a terminal, the terminal including: a communication module, a memory, a processor, and a computer program stored on the memory and runnable on the processor, the computer program realizing the steps of the private API detection method for iOS applications described above when executed by the processor.
To achieve the above object, the present invention also provides a computer-readable storage medium on which a computer program is stored, the computer program realizing the steps of the private API detection method for iOS applications described above when executed by a processor.
The present invention executes the String command on the application code and takes the result obtained as a first application programming interface (API) string set; looks up each API string in the first API string set in a preset private API library, and takes all API strings present in both the preset private API library and the first API string set as a second API string set; and, using the performSelector:@selector(privateApiName) call method and the second API string set, executes a dynamic lookup operation on the application code in the running state, so as to obtain the dynamically called private APIs according to the lookup result. Thus, after obtaining the second API string set, whose entries share method names with private APIs in the preset private API library, the dynamically called private APIs are found dynamically in combination with the performSelector:@selector(privateApiName) call method, solving the problem that dynamically called private APIs currently cannot be found using Class-dump.
Description of the drawings
Fig. 1 is a schematic structural diagram of the terminal involved in the embodiments of the present invention;
Fig. 2 is a flow diagram of an embodiment of the private API detection method for iOS applications of the present invention;
Fig. 3 is a functional block diagram of the terminal of the present invention.
The realization of the object, the functions and the advantages of the present invention will be further described with reference to the accompanying drawings and in conjunction with the embodiments.
Specific embodiments
It should be understood that the specific embodiments described herein merely illustrate the present invention and are not intended to limit it.
Referring to Fig. 1, Fig. 1 is a schematic diagram of the hardware structure of the terminal provided by the present invention. The terminal is applied to the iOS system (Apple's mobile device operating system) and may include components such as a communication module 10, a memory 20 and a processor 30. The terminal may be a mobile phone, a tablet computer, a smart wearable device, and so on. In the terminal, the processor 30 is connected to the memory 20 and to the communication module 10; a computer program is stored on the memory 20 and is executed by the processor 30, and the steps of the following method embodiments are realized when the computer program is executed.
The communication module 10 can connect to an external communication device through a network. The communication module 10 can receive requests issued by the external communication device, and can also send requests, instructions and information to the external communication device. The external communication device may be another control terminal, a server and/or a dedicated data monitoring platform. It should also be noted that the terminal's interaction with the external communication device may be carried out on the basis of the iOS application.
The memory 20 can be used to store software programs and various data. The memory 20 may mainly include a program storage area and a data storage area, where the program storage area can store the operating system and the application programs required by at least one function (such as executing instructions on the application code), and the data storage area may include a database and can store data or information created according to the use of the terminal. In addition, the memory 20 may include high-speed random access memory, and may also include non-volatile memory, for example at least one magnetic disk storage device, a flash memory device, or other volatile solid-state storage devices.
The processor 30 is the control center of the terminal. It connects the various parts of the entire terminal using various interfaces and lines, and performs the terminal's various functions and processes data by running or executing the software programs and/or modules stored in the memory 20 and calling the data stored in the memory 20, thereby monitoring the terminal as a whole. The processor 30 may include one or more processing units; optionally, the processor 30 may integrate an application processor and a modem processor, where the application processor mainly handles the operating system, user interface, application programs and so on, and the modem processor mainly handles wireless communication. It can be understood that the modem processor need not be integrated into the processor 30.
Although not shown in Fig. 1, the terminal may also include a circuit control module for connecting to a power supply and ensuring the normal operation of the other components. The terminal may also include a display module for extracting data from the memory 20 and displaying the terminal's system interface and the application's interactive interface. Those skilled in the art will understand that the terminal structure shown in Fig. 1 does not limit the terminal, which may include more or fewer components than illustrated, combine certain components, or use a different arrangement of components.
Based on the above hardware structure, the method embodiments of the present invention are proposed.
Referring to Fig. 2, an embodiment of the private API detection method for iOS applications of the present invention includes:
Step S10: execute the String command on the application code, and take the result obtained by executing the String command as a first API string set;
Here, application code refers to code from which an iOS application executable file can be generated; running the String command on the application code yields the strings corresponding to the names of the APIs (Application Programming Interfaces) called in the application code. Note that the first API string set obtained by executing the String command contains the strings corresponding to all dynamically called and statically called APIs, and the API information involved in the set includes methods, attributes, and dynamically called methods.
Step S20: look up each API string in the first API string set in a preset private API library, and take all API strings present in both the preset private API library and the first API string set as a second API string set;
It should be understood that the preset private API library stores the set of all private API strings whose use Apple prohibits. As the iOS system is updated and iterated, the system's operating company itself updates the definition of APIs, so the preset private API library can be updated at preset time intervals to ensure the accuracy of private API detection. The preset interval can be set according to actual needs: the update may be triggered before private API detection is carried out, performed whenever the iOS operating company updates the defined scope of the APIs, or performed at a fixed time interval. In addition, the API information contained in the preset private API library includes API method names and API class names; the preset private API library may be, for example, the private.db library.
In this embodiment, since the API information involved in the first API string set is limited to methods, attributes and dynamically called methods, the second API string set obtained by comparing the first API string set with the preset private API library is determined by identical API method names; that is, the second API string set is the set of strings in the first API string set whose method names are identical to those of private APIs in the preset private API library.
Step S30: using the performSelector:@selector(privateApiName) call method and the second API string set, execute a dynamic lookup operation on the application code in the running state, so as to obtain the dynamically called private APIs according to the lookup result.
Note that performSelector is a method-calling mechanism in iOS that can send any message to an object without the method having to be declared at compile time, so dynamically called private APIs cannot be detected by the Class-dump command. Moreover, the API strings in the second API string set merely share method names with private APIs in the preset private API library, which does not directly yield the dynamically called private APIs; so a search of the static application code, as in the prior art, cannot find dynamically called private APIs that were never declared.
To solve the problem of how to find dynamically called private APIs, the second API string set can be combined with the dynamic call method to perform a runtime lookup, determining which entries of the second API string set are dynamically called private APIs. Optionally, the runtime lookup can be performed by splicing each API string in the second API string set with the performSelector:@selector(privateApiName) call method, and executing the dynamic lookup operation on the application code in the running state according to all the spliced strings obtained. Here, application code in the running state means code that is being compiled and executed, because only during execution can the dynamically called private APIs be found dynamically.
Further, when searching for dynamically called private APIs using performSelector:@selector(privateApiName) and the second API string set, the dynamic-call lookup may be carried out each time a line of code is executed, or once the application code has been executed completely, or the lines of code may be divided into interval regions and the dynamic-call check carried out region by region.
The splicing of the performSelector:@selector(privateApiName) call method with an API string in the second API string set may consist of placing the API string to be looked up dynamically directly after the performSelector:@selector(privateApiName) call method, and executing the call of the above method while the application code is running. Once all API strings in the second API string set have been spliced with the performSelector:@selector(privateApiName) call method and the dynamic lookups have been carried out, the result of each dynamic lookup operation can be regarded as a dynamically called private API. In addition, the lookup result may highlight and/or mark the code positions identified as private APIs, and may also record specific locations such as the line number in the application code, leaving them for the developer to modify and adjust; the modifications may also be made by the user of the test terminal.
This embodiment executes the String command on the application code and takes the result obtained as a first application programming interface (API) string set; looks up each API string in the first API string set in a preset private API library, and takes all API strings present in both the preset private API library and the first API string set as a second API string set; and, using the performSelector:@selector(privateApiName) call method and the second API string set, executes a dynamic lookup operation on the application code in the running state, so as to obtain the dynamically called private APIs according to the lookup result. Thus, after obtaining the second API string set, whose entries share method names with private APIs in the preset private API library, the dynamically called private APIs are found dynamically in combination with the performSelector:@selector(privateApiName) call method, solving the problem that dynamically called private APIs currently cannot be found using Class-dump.
Further, in another embodiment, step S30 includes:
Step S31: select the API strings in the second API string set one after another in a preset order;
It should be understood that the second API string set contains multiple API strings. When combining it with the call method for the dynamic lookup, the second API string set can be called directly and the string splicing completed automatically, or the API strings in it can be selected one after another in a set order and then spliced. The preset order may be random, or the APIs may be selected in forward or reverse order.
Step S32: each time an API string is selected, splice the selected API string with the performSelector:@selector(privateApiName) call method to form a spliced string;
The splicing of a single API string with the performSelector:@selector(privateApiName) call method is the same as in the previous embodiment, which can be referred to when executing this step; it is not repeated here.
Step S33: execute a dynamic lookup operation on the application code in the running state according to the spliced string, and judge whether the lookup result returned by this dynamic lookup operation is empty; if not, execute step S34; if so, execute step S35;
It should be understood that when the result found using the spliced string is empty, the private API corresponding to the API string used in the current dynamic lookup is not dynamically called; when the result found using the spliced string is not empty, the private API corresponding to the API string currently in use may have been used one or more times, and its position can be located and the result output.
It should also be noted that, for lookups between the contents of two sets such as string sets, when the data volume is small, each element of the two sets can be taken out and compared against each element of the other set, and the result then returned. When one of the two sets has a large data volume, such as the preset private API library, each API string in the other, relatively small API string set can be used as a keyword to traverse and search the set with the larger data volume.
Step S34: output the lookup result, and continue to select the next API string from the second API string set, until all API strings in the second API string set have been selected;
Step S35: continue to select the next API string from the second API string set, until all API strings in the second API string set have been selected.
This scheme gives a detailed procedure for selecting the API strings one after another, performing the dynamic lookup operations, and outputting all dynamically called private APIs, solving the technical problem that current techniques cannot check for dynamically called private APIs.
Further, in another embodiment, the following steps can also be performed before or after step S30:
Step S40: perform an encryption operation on each API string in the second API string set to obtain encrypted strings, and splice each encrypted string with the performSelector:@selector(privateApiName) call method to obtain spliced encrypted strings;
Step S50: execute a secondary dynamic lookup operation on the application code in the running state according to all the spliced encrypted strings, and obtain the encrypted dynamically called private APIs according to the result of the secondary dynamic lookup.
The encryption algorithm involved in the encryption operation may be, for example, the RSA (Rivest, Shamir, Adleman) algorithm.
It should be understood that, to ensure the security of API interfaces, the API interfaces are usually encrypted during code construction; merely splicing the original API strings with the dynamic call method cannot find encrypted dynamically called private APIs. Multiple encryption methods can therefore be used to encrypt the API strings in the second API string set, and the encrypted strings are then combined with the dynamic call method to perform a secondary dynamic lookup operation on the application code in the running state, so as to obtain the encrypted dynamically called private APIs. By encrypting the API strings first and then splicing, this scheme further improves the identification and discovery of all possible private APIs, reducing the probability that a submission to the iOS review system runs into problems and is returned for modification.
Further, in other embodiments, the method may also include:
Step S60: execute the Class-dump command on the application package, and take the result obtained by executing the Class-dump command as a third API string set;
Here, the application package is the executable file submitted to the iOS review system before the iOS application is listed. Class-dump is a decompilation tool that can extract the corresponding data structure and function declarations from a compiled Objective-C binary file, and is used to dump the class information of a target file. That is, the third API string set obtained contains class names.
It should also be noted that before the Class-dump command is used, the Class-dump tool must first be downloaded to the test terminal. After decompression there are the Class-dump tool and the source files; the Class-dump tool can be copied to the /user/local/bin/ directory or the /usr/local/bin/class-dump directory, and which directory it is copied to depends on the OS version. Then open Terminal and run a command to grant it execute permission, so that the Class-dump command can be executed to obtain the third API string set.
Step S70: obtain the API strings present in both the second API string set and the third API string set, and determine those API strings to be private APIs.
This scheme can be executed in parallel with the dynamic-call scheme of the previous embodiment, or in sequence with it, as long as it runs after the second API string set has been obtained. It should also be understood that when API method names are the same, the API class names are not necessarily the same, so the statically called part is not necessarily all private APIs; the Class-dump command is therefore still needed to check for statically called private APIs on the basis of identical class names, to help find all private APIs before submitting for review.
It should also be noted that the way of determining whether an API string exists in both sets can be implemented with reference to the aforementioned scheme for the common subset between sets, and is not repeated here. All of the above private API checks can be run repeatedly, and the results found can also be checked manually. Unified modification and debugging can be carried out once the number of private APIs found no longer changes; alternatively, each API can be modified directly as soon as a check determines it to be a private API, after which checking continues until no further private API is found.
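The S60/S70 check described above, as an added example that is not part of the patent text: it parses Class-dump header output into the third API string set and intersects it with the second set, recording which classes declare each hit so that same-named methods in different classes can be told apart. The sample dump, the second set and every name in them are constructed, and treating the sets as class names plus selectors is this example's assumption.

```python
import re
from collections import defaultdict

# Constructed class-dump style output (not taken from any real application).
SAMPLE_DUMP = """\
@interface DemoCache : NSObject
+ (id)sharedCache;
- (void)_demoFlush:(id)arg1 force:(_Bool)arg2;
- (void)reload;
@end

@interface DemoListController : UIViewController
- (void)reload;
- (void)viewDidLoad;
@end
"""
# Constructed second set: strings that already matched the preset library.
SECOND_SET = {"DemoCache", "_demoFlush:force:", "reload", "_demoNotInApp"}
IFACE = re.compile(r"^@interface\s+(\w+)")
KEYWORD = re.compile(r"(\w+)\s*:")


def strip_parens(text):
    """Remove (...) groups, innermost first, i.e. return and argument types."""
    prev = None
    while prev != text:
        prev, text = text, re.sub(r"\([^()]*\)", "", text)
    return text


def selector_of(decl):
    """Turn one method declaration line into its selector string."""
    body = strip_parens(decl.lstrip("+-").rstrip(";")).strip()
    keywords = KEYWORD.findall(body)
    if keywords:  # 'setA:arg1 b:arg2' -> 'setA:b:'
        return "".join(k + ":" for k in keywords)
    return body.split()[0] if body else ""


def third_set(dump):
    """S60: map each class name or selector to the classes that declare it."""
    owners, current = defaultdict(set), None
    for line in map(str.strip, dump.splitlines()):
        match = IFACE.match(line)
        if match:
            current = match.group(1)
            owners[current].add(current)
        elif line == "@end":
            current = None
        elif current and line.startswith(("+", "-")):
            selector = selector_of(line)
            if selector:
                owners[selector].add(current)
    return owners


def private_api_hits(second, dump):
    """S70: strings present in both sets, with their declaring classes."""
    owners = third_set(dump)
    return {s: sorted(owners[s]) for s in sorted(second) if s in owners}


if __name__ == "__main__":
    print(private_api_hits(SECOND_SET, SAMPLE_DUMP))
```

A hit such as `reload` that is declared in more than one class is the case the text singles out: the method name alone does not settle it, so the class names listed for the hit are what gets compared or checked manually.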
Once the private APIs have been modified and no new private API is found for the time being, the application code can be packaged automatically to generate the application package, which is then submitted to the iOS application review system. This makes it convenient to submit to the official review quickly after the private API check, and so increases the listing speed of the iOS application.
The present invention also proposes a terminal. Referring to Fig. 3, the terminal includes:
Execution module 10, configured to execute the String command on the application code and take the result of executing the String command as the first application programming interface (API) string set;
Search module 20, configured to input each API string in the first API string set into the preset private API library for lookup, and take all API strings that exist in both the preset private API library and the first API string set as the second API string set;
Dynamic lookup module 30, configured to perform a dynamic lookup operation on the application code in the running state by means of the @performSelector:@selector(privateApiName) calling method and the second API string set, and to obtain the dynamically called private APIs according to the lookup result.
Optionally, in another embodiment, the dynamic lookup module is further configured to splice each API string in the second API string set with the @performSelector:@selector(privateApiName) calling method, and to perform the dynamic lookup operation on the application code in the running state according to all the spliced strings obtained.
Optionally, in another embodiment, the dynamic lookup module includes:
Selecting unit, configured to select the API strings in the second API string set one after another in a preset order;
Splicing unit, configured to splice, each time an API string is selected, the selected API string with the @performSelector:@selector(privateApiName) calling method to form a spliced string;
Lookup judging unit, configured to perform the dynamic lookup operation on the application code in the running state according to the spliced string, and to judge whether the lookup result fed back for the dynamic lookup operation is empty;
Output unit, configured to output the lookup result when the lookup result fed back for the dynamic lookup operation is not empty, and to trigger the selecting unit to continue selecting the next API string from the second API string set, until all API strings in the second API string set have been selected;
The selecting unit is further configured to continue, when the lookup result fed back for the dynamic lookup operation is empty, selecting the next API string from the second API string set, until all API strings in the second API string set have been selected.
Optionally, in another embodiment, the terminal further includes:
Encryption splicing module, configured to perform an encryption operation on each API string in the second API string set to obtain encrypted strings, and to splice each encrypted string with the @performSelector:@selector(privateApiName) calling method to obtain spliced encrypted strings;
Secondary dynamic lookup module, configured to perform a secondary dynamic lookup operation on the application code in the running state according to all the spliced encrypted strings, and to obtain, according to the secondary dynamic lookup result, the private APIs that are dynamically called after encryption.
Optionally, in another embodiment of the terminal:
The execution module is further configured to execute the Class-dump command on the application package and take the result of executing the Class-dump command as the third API string set;
Determining module, configured to obtain the API strings that exist in both the second API string set and the third API string set, and to determine the API strings that exist in both the second API string set and the third API string set to be private APIs.
Optionally, in another embodiment, the terminal further includes:
Modification and generation module, configured to modify all private APIs and to generate the application package from the application code after the private APIs have been modified;
Sending module, configured to send the application package to the iOS application review system.
Optionally, in another embodiment, the terminal further includes:
Update module, configured to update the preset private API library at intervals of a preset time.
The present invention also proposes a computer-readable storage medium on which a computer program is stored. The computer-readable storage medium may be the memory 20 in the server of Fig. 1, or at least one of a ROM (Read-Only Memory)/RAM (Random Access Memory), a magnetic disk and an optical disc. The computer-readable storage medium includes several instructions for causing a terminal device having a processor (which may be a mobile phone, a computer, a server, a network device or the like) to execute the methods described in the embodiments of the present invention.
It should be noted that, in this document, the terms "include", "comprise" or any other variant thereof are intended to cover a non-exclusive inclusion, so that a process, method, article or server side that includes a series of elements includes not only those elements but also other elements that are not explicitly listed, or further includes elements inherent to such a process, method, article or server side. Without further limitation, an element defined by the phrase "including a ..." does not exclude the existence of other identical elements in the process, method, article or server side that includes the element.
The serial numbers of the above embodiments of the invention are for description only and do not represent the advantages or disadvantages of the embodiments.
From the above description of the embodiments, those skilled in the art can clearly understand that the methods of the above embodiments can be implemented by means of software plus a necessary general-purpose hardware platform, and of course also by hardware, but in many cases the former is the better implementation.
The above is only a preferred embodiment of the present invention and does not limit the patent scope of the invention. Any equivalent structure or equivalent process transformation made using the contents of the specification and drawings of the present invention, or any direct or indirect application in other related technical fields, is likewise included within the scope of patent protection of the present invention.
Claims (10)
1. A private API detection method for an iOS application, characterized in that the method comprises the steps of:
executing the String command on the application code, and taking the result of executing the String command as the first application programming interface (API) string set;
inputting each API string in the first API string set into the preset private API library for lookup, and taking all API strings that exist in both the preset private API library and the first API string set as the second API string set;
performing a dynamic lookup operation on the application code in the running state by means of the performSelector:@selector(privateApiName) calling method and the second API string set, so as to obtain the dynamically called private APIs according to the lookup result.
2. The private API detection method for an iOS application according to claim 1, characterized in that the step of performing a dynamic lookup operation on the application code in the running state by means of the @performSelector:@selector(privateApiName) calling method and the second API string set comprises:
splicing each API string in the second API string set with the performSelector:@selector(privateApiName) calling method, and performing the dynamic lookup operation on the application code in the running state according to all the spliced strings obtained.
3. The private API detection method for an iOS application according to claim 2, characterized in that the step of splicing each API string in the second API string set with the @performSelector:@selector(privateApiName) calling method, and performing the dynamic lookup operation on the application code in the running state according to all the spliced strings obtained, comprises:
selecting the API strings in the second API string set one after another in a preset order;
each time an API string is selected, splicing the selected API string with the @performSelector:@selector(privateApiName) calling method to form a spliced string;
performing the dynamic lookup operation on the application code in the running state according to the spliced string, and judging whether the lookup result fed back for the dynamic lookup operation is empty;
when the lookup result fed back for the dynamic lookup operation is not empty, outputting the lookup result and continuing to select the next API string from the second API string set, until all API strings in the second API string set have been selected;
when the lookup result fed back for the dynamic lookup operation is empty, continuing to select the next API string from the second API string set, until all API strings in the second API string set have been selected.
4. The private API detection method for an iOS application according to claim 2, characterized in that, after the step of obtaining the dynamically called private APIs according to the lookup result, the method further comprises:
performing an encryption operation on each API string in the second API string set to obtain encrypted strings, and splicing each encrypted string with the @performSelector:@selector(privateApiName) calling method to obtain spliced encrypted strings;
performing a secondary dynamic lookup operation on the application code in the running state according to all the spliced encrypted strings, and obtaining, according to the secondary dynamic lookup result, the private APIs that are dynamically called after encryption.
5. The private API detection method for an iOS application according to claim 4, characterized in that the method further comprises the steps of:
executing the Class-dump command on the application package, and taking the result of executing the Class-dump command as the third API string set;
obtaining the API strings that exist in both the second API string set and the third API string set, and determining the API strings that exist in both the second API string set and the third API string set to be private APIs.
6. The private API detection method for an iOS application according to claim 5, characterized in that, after all the steps, the method further comprises:
modifying all private APIs, and generating the application package from the application code after the private APIs have been modified;
sending the application package to the iOS application review system.
7. The private API detection method for an iOS application according to claim 6, characterized in that the method further comprises the step of:
updating the preset private API library at intervals of a preset time.
8. A terminal, characterized in that it is applied to an iOS system, the terminal comprising:
an execution module, configured to execute the String command on the application code and take the result of executing the String command as the first application programming interface (API) string set;
a search module, configured to input each API string in the first API string set into the preset private API library for lookup, and take all API strings that exist in both the preset private API library and the first API string set as the second API string set;
a dynamic lookup module, configured to perform a dynamic lookup operation on the application code in the running state by means of the @performSelector:@selector(privateApiName) calling method and the second API string set, so as to obtain the dynamically called private APIs according to the lookup result.
9. A terminal, characterized in that the terminal comprises: a communication module, a memory, a processor, and a computer program stored in the memory and executable on the processor, wherein the computer program, when executed by the processor, implements the steps of the private API detection method for an iOS application according to any one of claims 1 to 7.
10. A computer-readable storage medium, characterized in that a computer program is stored on the computer-readable storage medium, and the computer program, when executed by a processor, implements the steps of the private API detection method for an iOS application according to any one of claims 1 to 7.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201910200507.4A CN110059485A (en) | 2019-03-16 | 2019-03-16 | Privately owned API detection method, terminal and the storage medium of IOS application |
Publications (1)
Publication Number | Publication Date |
---|---|
CN110059485A true CN110059485A (en) | 2019-07-26 |
Family
ID=67316930
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201910200507.4A Pending CN110059485A (en) | 2019-03-16 | 2019-03-16 | Privately owned API detection method, terminal and the storage medium of IOS application |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN110059485A (en) |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN104636455A (en) * | 2015-01-30 | 2015-05-20 | 腾讯科技(深圳)有限公司 | Acquisition method and device for application mapping information |
CN107346284A (en) * | 2016-05-05 | 2017-11-14 | 腾讯科技(深圳)有限公司 | The detection method and detection means of a kind of application program |
CN109376021A (en) * | 2018-09-26 | 2019-02-22 | 深圳壹账通智能科技有限公司 | The response method and server that interface calls |
Non-Patent Citations (1)
Title |
---|
LINKOUBIAN: "关于IOS私有API扫描", pages 1 - 9, Retrieved from the Internet <URL:https://www.jianshu.com/p/24026b30975f> * |
Cited By (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN111026435A (en) * | 2019-11-29 | 2020-04-17 | 北京奇艺世纪科技有限公司 | Method, device, equipment and storage medium for detecting application program private interface |
CN111176874A (en) * | 2019-12-23 | 2020-05-19 | 京东数字科技控股有限公司 | Processing method, device and equipment for abnormal exit of application program and storage medium |
CN111176874B (en) * | 2019-12-23 | 2022-04-12 | 京东科技控股股份有限公司 | Processing method, device and equipment for abnormal exit of application program and storage medium |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||